Server name, IP address, or fully qualified domain name of the computer
running the proxy. Along with the port, this property defines the URL used by the
client to access the proxy server.

edgeencryption.proxy.name

Proxy name. It must be unique for each proxy.

edgeencryption.proxy.http.port

Port on the proxy for HTTP communication.

edgeencryption.proxy.https.port

Port on the proxy for HTTPS communication.

Table 4. SSL certificate properties

Property

Description

edgeencryption.proxy.https.cert.alias

Alias of the certificate provided by the proxy server to connecting
clients.

edgeencryption.proxy.https.keystore.path

Path to the keystore that contains the HTTPS certificate.

edgeencryption.proxy.https.keystore.password

Password for the keystore that contains the HTTPS certificate.

Table 5. Proxy configuration locked property

Property

Description

edgeencryption.proxy.locked

When true, the proxy does not accept encryption configuration changes or
encryption rule changes from the instance. Set this property on the production
instance after all encryption configurations and rules are final.

Table 6. Proxy database properties

Property

Description

edgeencryption.db.url

Proxy database location. Must be the same for all encryption proxies
connecting to the same instance.

edgeencryption.db.user

User name for accessing the proxy database. Must be the same for all
encryption proxies connecting to the same instance.

edgeencryption.db.password

Password to access the proxy database. Must be the same for all encryption
proxies connecting to the same instance.

edgeencryption.db.name

Proxy database name. Must be the same for all encryption proxies connecting
to the same instance.

Default value: edgeencryption

edgeencryption.db.bootstrap.file

Bootstrap file for the proxy database. The file is relative to the
sql/ directory. Must be the same for all encryption
proxies connecting to the same instance.

Note: Under normal circumstances, this parameter should not
be changed.

Table 7. Digital signature properties

Property

Description

edgeencryption.proxy.signature.keystore.path

Path and file name of the Java KeyStore.

edgeencryption.proxy.signature.keystore.password

Password. The default password is <changeme>. Change the password after
installing the Java KeyStore.

edgeencryption.proxy.signature.keystore.keyalias

The key alias given as the -alias argument when the RSA key
pair is generated.

Table 8. NAE device keystore

Property

Description

edgeencryption.nae.retries

Number of retries to make.

edgeencryption.nae.enabled

Indicates whether an NAE device is available.

edgeencryption.nae.server

Name of the NAE server.

edgeencryption.nae.port

Port used by the NAE server.

edgeencryption.nae.protocol

Protocol used by the NAE server.

edgeencryption.nae.keystore.path

Path to the key store on the NAE server.

edgeencryption.nae.keystore.password

NAE keystore password.

edgeencryption.nae.username

User name to use to authenticate with the NAE device.

edgeencryption.nae.password

Password to use to authenticate with the NAE device.

edgeencryption.nae.client.certificate

Certificate located in the keystore on the NAE server. Set this property to
authenticate using a certificate instead of a username and password.

Table 9. Clear text and static IV properties

Property

Description

edgeencryption.customer.assigned.known.cleartext

Clear text to let the instance verify that all proxies are using the same
keys. At startup, the proxy encrypts the clear text and sends the encrypted text
to the instance. The instance does not know the clear text, nor are keys sent to
the instance. This property must be the same for all proxies.

edgeencryption.encrypter.static.iv

Static IV (initialization vector) used in equality-preserving and
order-preserving encryption. This property must be the same for all proxies and it
must be exactly 16 bytes (16 ASCII characters).

Table 10. Password property

Property

Description

edgeencryption.encrypter.properties.password

Name of the file in the conf folder that contains a
string used within a secure process to obfuscate passwords in the
edgeencryption.properties file.

If this property is not set, passwords in your properties file appear in
clear text. Leave this property blank until after the proxy configuration has
been set up and tested.

Table 11. Web proxy properties

Property

Description

edgeencryption.webproxy.host

Web proxy name or IP address.

edgeencryption.webproxy.port

Port on the web proxy.

edgeencryption.webproxy.user

User name used to connect to the web proxy. If your web proxy does not use
authentication, leave this property commented out.

edgeencryption.webproxy.password

Password to use to connect to the web proxy. If your web proxy does not use
authentication, leave this property commented out.

Table 12. Java KeyStore properties

Property

Description

edgeencryption.keystore.path

Path to the Java KeyStore. If using a file store or a SafeNet KeySecure
keystore, leave this property commented out.

Example:

edgeencryption.keystore.path = keystore/keystore.jceks

edgeencryption.keystore.password

Password the proxy uses to connect to the Java KeyStore. If using a file
store or a SafeNet KeySecure keystore, leave this property commented out.

Table 13. File store properties

Property

Description

edgeencryption.keyfile.directory

Directory where key files are stored. If using the Java KeyStore
or a SafeNet KeySecure keystore, leave this property commented out.

Example:

edgeencryption.keyfile.directory=keys
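
A pre-deployment check for constraints stated in Tables 5, 7, 9, 10, 12 and 13, as an added example that is not part of the original documentation or the product. The check ids, the sample values, and the assumption that the file belongs to a production proxy are constructed for illustration.

```python
import re

PREFIX = "edgeencryption."

# Constructed sample; every value below is a placeholder, not a real setting.
SAMPLE = """\
edgeencryption.proxy.locked = false
edgeencryption.proxy.signature.keystore.password = changeme
edgeencryption.encrypter.static.iv = short-iv
edgeencryption.keystore.path = keystore/keystore.jceks
edgeencryption.keystore.password = example-only
edgeencryption.keyfile.directory=keys
#edgeencryption.encrypter.properties.password = obfuscation.txt
"""

def parse_properties(text):
    """Read key=value / key:value lines; '#' and '!' start comments.
    Trailing whitespace in a value is kept (as java.util.Properties does), so
    it counts toward the IV length. Continuations and escapes are not handled."""
    props = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^\s#!=:][^\s=:]*)\s*[=:]\s*(.*)$", line)
        if m:
            props[m.group(1)] = m.group(2)
    return props

def lint(props):
    """Return (check_id, detail) findings; assumes a production proxy's file."""
    def get(name):
        return props.get(PREFIX + name, "")
    findings = []
    iv = get("encrypter.static.iv")
    if iv and (not iv.isascii() or len(iv) != 16):
        findings.append(("static-iv-length", f"{len(iv)} characters, need 16 ASCII"))
    if get("proxy.signature.keystore.password").strip().strip("<>") == "changeme":
        findings.append(("default-signature-password", "still the documented default"))
    if get("keystore.path").strip() and get("keyfile.directory").strip():
        findings.append(("two-key-stores", "Java KeyStore and file store both set"))
    obfuscation = PREFIX + "encrypter.properties.password"
    clear = sorted(k for k, v in props.items()
                   if k.endswith(".password") and v.strip() and k != obfuscation)
    if clear and not props.get(obfuscation, "").strip():
        findings.append(("cleartext-passwords", ", ".join(clear)))
    if get("proxy.locked").strip().lower() != "true":
        findings.append(("proxy-not-locked", "instance can still push rule changes"))
    return findings

if __name__ == "__main__":
    for check_id, detail in lint(parse_properties(SAMPLE)):
        print(f"{check_id}: {detail}")
```
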

Table 14. General configuration properties

Property

Description

edgeencryption.config.poll.interval

The poll interval in seconds. The default setting means that it takes 5
seconds for the proxy to learn of encryption configuration changes. Larger values
cause the instance to take longer to detect an offline proxy.

Note: Do not change this property.

edgeencryption.rules.dir

Folder where the encryption rules are stored on the proxy.

edgeencryption.encryption.order_preserving.cache.enable

Whether caching is used to support order preserving encryption types.

edgeencryption.encryption.order_preserving.cache.size

Maximum cache size, in bytes.

edgeencryption.jobs.concurrency

Maximum number of mass encryption jobs that can run concurrently on this
proxy.

edgeencryption.jobs.requests_per_second

Number of HTTP job requests per second that can be sent to the instance by
this proxy.

edgeencryption.attachments.request.timeout.seconds

Attachment upload request timeout in seconds.

edgeencryption.request.buffer.size

If an encryption request is larger than this size, the excess is saved to
disk. You should not change this number.

edgeencryption.register.retry.count

Maximum number of times the proxy will ping the instance to try to register.
The default is 0 (no limit).

Table 15. Deprecated proxy encryption properties

Property

Description

edgeencryption.encrypter.default.key128

Specifies the name of the current AES 128 key. An AES 128 key must be available
even if it is not used. Must be the same for all proxies.

edgeencryption.encrypter.default.key256

Specifies the name of the current AES 256 key. Must be the same for all
proxies.

edgeencryption.encrypter.key

Specifies the key name. This property is specified for each key and is used to
specify the default keys. This is the key alias integrated with the metadata that
is included with each encrypted item and, therefore, is stored on the instance.
The key name must use lowercase letters.

edgeencryption.encrypter.type

Specifies the type of encryption keystore system.

edgeencryption.encrypter.file

Specifies the path and file name of the text file associated with the
key.